Thursday, April 20, 2006

Alert! Spoofed Symantec Email Disables Anti-virus Updates

Symantec has been spoofed in the form of a high risk malicious email which looks like a Symantec Virus advisory, but actually disables anti-virus updates.

The email contained a "From" address that said it was from Symantec's Norton Anti-Virus division. The message said that the user's computer was infected with a virus called w32.aplore@mm. The user was then directed to a link that was supposed to dispose of the infection, but instead downloaded an executable file that disabled updates.

The malicious file was located on a free hosting service but the Web site mirrored a Symantec update site. The spoof was discovered by security company SurfControl.